puppet 6.25.0

2 security vulnerabilities found in version 6.25.0

Silent Configuration Failure in Puppet Agent

medium severity CVE-2021-27025
medium severity CVE-2021-27025
Patched versions: ~> 6.25.1, >= 7.12.1

A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.

Unsafe HTTP Redirect in Puppet Agent and Puppet Server

medium severity CVE-2021-27023
medium severity CVE-2021-27023
Patched versions: ~> 6.25.1, >= 7.12.1

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.